Law enforcement authorities, security companies and many individuals that don’t agree with the activities performed by Anonymous and other hacktivists are basking in joy after the apprehension of many LulzSec hackers, but experts warn that the real cybercriminals are still out there and they’re not as easy to identify.
Paul Ferguson, a senior threat researcher at Trend Micro, makes an interesting point when he says that many of the real cybercriminals, which include carders and other types of fraudster, are still at large and, unlike hacktivists, they don’t go publishing sensitive data on Pastebin and defacing sites.
“Sure, I’m glad these guys got arrested, but I think there is a much more important message here which is not being put forward – organizations are simply not doing a good enough job of protecting their assets,” Ferguson wrote.
The data breaches we learn about each day don’t only highlight the fact that hackers are capable and they're good at finding security holes, but they also show that companies are unable to ensure that their infrastructures are properly protected.
Of course, no one said it’s easy, but unfortunately many businesses hardly even think about security, unless maybe only after they’re affected by a breach.
For the firms who do want to start protecting their assets, the researcher proposes a security practice known as the OODA Loop (observe, orient, decide, act) which proved to be highly effective in previous situations.
“What I really like about the OODA Loop reference model is that it forces organizations to do constant ‘care and feeding’ of their security posture, observations, measurements, and adjustments,” he explained.
There are a lot of hacktivists worldwide and the arrests of a few may discourage some of them, but the phenomenon will never die out completely. Furthermore, while online activists cause some degree of damage, their actions can’t be compared by far with the ones of profit-driven hackers.
This is why organizations need to be constantly assessing and improving their security posture. Before thinking that your systems are completely secure, remember what the hackers always say: security is an illusion.